Hackers are gravitating from phishing to fish tanks. Hacking a casino high-roller database through the thermostat in a fish tank sounds like the plot of an Ocean’s Eleven reboot. But according to a cybersecurity expert, it really happened. Earlier this week criminals took great interest in the vast tropical aquarium that an unnamed Las Vegas casino had installed in its lobby and they were able to steal the database by gaining access to its computer network via an internet-connected thermostat.
The casino’s owners thought that the huge fish tank was an impressive sight that helped create a classy ambience as people arrived.
What they failed to realise was that the aquarium was an easy way to break into the casino’s computer system, and the hackers pounced.
The offending piece of supposedly smart tech was used to regulate the water temperature of an aquarium. But its internet connection – the very connection casino staff probably considered useful when installing the device – left the establishment’s servers exposed.
Speaking at the WSJ CEO Council Conference in London, Nicole Eagan, the CEO of cyber defence company Darktrace, said that once the hackers had breached the system of the casino they were able to “pull [the database] back across the network, out the thermostat, and up to the cloud.”
This is one among several other examples of how businesses are failing to protect themselves against hacking through the seemingly innocent internet of things (IoT) devices. As internet-connected smart gadgets and appliances become more common, they are creating more weak links in corporate security, said Egan.
The problem here is obvious, and so is the solution; ‘smart’ devices like this thermostat need to meet the same security standards as a smartphone or laptop and must be treated as such by their owners.